Selected GRC & Cybersecurity Projects

A snapshot of the governance, risk & compliance work I’ve led across vendor risk, ISO 27001 readiness, compliance tracking, and security governance projects.

Global Retailer – Third-Party Risk Management

Designed a practical TPRM framework with vendor inventory, criticality tiers, and due diligence mapped to PCI DSS, ISO 27001 and SOC 2, plus a 5-week rollout roadmap.

Energy & Utilities – Multi-Framework Compliance Tracker

Built a centralized tracker to manage renewals and evidence across PCI DSS, SOC 2, ISO 27001 and vendor certifications, improving audit readiness and reducing missed renewals.

SaaS Provider – ISO 27001 Readiness Assessment

Performed a readiness review against ISO/IEC 27001:2022, mapped controls to existing processes, identified high-risk gaps, and built a phased remediation plan with clear ownership.

Enterprise GRC – Risk Register & Metrics Dashboard

Developed a risk register and dashboard combining key risks, control status and remediation progress to support clearer prioritization and stronger reporting to senior leadership.
